Dammit. Those music-stealers ruin everything.

From TFA: It’s surprising that Microsoft hasn’t made more noise about the use of Microsoft Office in space

Microsoft probably isn't making more noise about this because it is a TERRIBLE system.

Can anyone find an actual translation of the amendment or a better summary? TFA sounds like it was written in a combination of management-ese and marketing-speak.

FTA: "...the image is of the computer geek surrounded by such things as computer games, science-fiction memorabilia and junk food...", followed by "...many women don't like the portrait of masculinity that it evokes..."

YES! GEEKS ARE MASCULINE!!!

They are effectively shifting the work of verification to the recipient of the letter. If you are guilty, they found their mark. If you haven't done what they accuse you of, and you will probably be indignant enough to go through some effort to correct their "error". Sending out the letters without verification requires almost no work from them, has no risk, and sometimes gets them money. Verification would only add more work with no payback in reduction of risk or increase in monetary return.

I am surprised more people don't see this as a shakedown racket. Also, since the RIAA gets money in return for the cost of a trained monkey running mailmerge in Microsoft Word, I don't see why they haven't purchased an electronic copy of the phone book so they can simply send out letters to everyone in the country.

"Guideline" is incompatible with "require".

The BSA cannot assess anything. They have no legal authority to do so. What they can do is ask you to pay money in a settlement rather than engaging in a very long and expensive legal battle against them. If the case has very clear-cut evidence, paying $250,000 may well be cheaper, quicker and simpler than a court battle, even for a very small company.

But competing is HARD.

Getting legislation passed that legally mandates everyone do as you wish is EASY. And probably entails less cost and risk.

If they are smaller/cheaper shops, they probably aren't playing around with heavy virtualization to begin with. If you are virtualizing your example box, you're doing it wrong.

Get a better UPS setup. If you have entire racks of systems that fill a cage, and your servers all shut down because their power died, you're doing it wrong. Rather than plugging all of the servers into individual UPS systems, get a UPS that covers all the circuits for the cage. And a generator.

More than anything else, executives don't want to be surprised. Giving them the weekly page response numbers is fine, but what they really need is forward-looking analysis based on those numbers and your experience. Something like "looking at the current load capabilities of our web servers, we will probably need to spend some capital on additional web servers if we add more than 500 additional reporting sites. Looking at our current growth rate of adding 50 sites per month, it looks like that money will need to be spent in less than 10 months to support continued growth." What they REALLY hate is when you run into their office at 12:30 on Friday afternoon yelling "Our systems hit the wall with that last new customer. I need $25k NOW!" Also, you've covered your butt by notifying them about serious issues that could affect the business with enough time to plan.

They may not actually spend the money that you have recommended, but if you have a trail to document your recommendations, you may be able to avoid getting blamed when the web servers can't handle the load when that big new customer gets signed.

I follow a number of security-focused mailing lists, and about once every two or three months someone posts something like this: "Help! The plant mangers at $CRITICAL_INFRASTRUCTURE_SITE where I work want to have all the formerly air-gapped SCADA systems accessible via a web browser from any internet-connected PC so they can check the plant status from home, on vacation, while at conferences etc. I haven't been able to talk them out of it, can anyone help with a better argument?"

What reasoning do your propose to people who's response to the argument of "if we are hacked, the loss of life and bankruptcy of our company will come back to you" is met with "you IT guys are too paraniod"?

Until people start going to jail, profit and convenience will trump everything else.

No, I don't, I believe that falls under acceptable use. I don't neccessarily agree with the "Don't hack your Tivo" attitude either. I'm just trying to bring some clarification as to why the "don't steal from Tivo" folks try to also clamp down on the "repurpose my Tivo" folks.

The problem is that repurposing a tivo would require the exact same skills, tools and methods as cheating tivo by stealing their service. Short of personally knowing the requester, there isn't a real good way to distinguish the hacker (repurposing) from the cracker (stealing service).